cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Lansweeper server keeps creating unnamed scheduled tasks on my pc

akcsie
Engaged Sweeper
I had been bothered for a while since Lansweeper keeps creating a task with description "Enable WMI" 3~4 times daily in my windows 7(client pc). Task name is always a string of GUID or something.

Malwarebyte keeps detecting all these tasks as PUP.Crossrider.A everyday, and it is really annoying.

Here's an example I got from security eventlog:
A scheduled task was created.
Task Name: \af302a31-f597-4d96-a757-0b18af137918
<Exec>
<Command>C:\Windows\System32\cmd.exe</Command>
<Arguments>/c winmgmt -standalonehost &amp;&amp; net stop winmgmt /Y &amp;&amp; net start winmgmt /Y &amp;&amp; netsh firewall add portopening TCP 24158 WMIFixedPort &amp;&amp; netsh firewall set service RemoteAdmin enable</Arguments>
</Exec>

Is there anyway to stop this?
1 ACCEPTED SOLUTION

Michael_V
Champion Sweeper III
Can you please mail us a screenshot of this viruswarning so we can inform the antivirus vendor.
Support@lansweeper.com

View solution in original post

3 REPLIES 3

Susan_A
Lansweeper Tech Support
Lansweeper Tech Support
The tasks being generated is expected behavior, them not being deleted after running is not. We are able to reproduce this behavior and will include a fix in our next update to ensure that the tasks are deleted.

Lansweeper pulls Windows computer data from WMI, Windows Management Instrumentation. As WMI data is by default sent over random ports, scanning without an agent will fail unless *all* WMI traffic is allowed. In an effort to resolve firewall related scanning errors, recent Lansweeper releases will run a scheduled task on the client machine to set up a fixed WMI port if port 135 is open on the machine but an RPC error occurs during scanning. Configuring a fixed WMI port is supported by Windows Vista and more recent operating systems.

A task is only generated if you're scanning without an agent and a firewall related scanning error occurs. If you allow all WMI traffic through your firewalls, no RPC errors or scheduled tasks will be generated.

KHabershon
Engaged Sweeper II
I also am having the same issue, however, it is affecting a production server. Was there any resolution to this? There are multiple tasks being created without any cleanup of those tasks.

**EDIT** Added screenshots and also this is not an AV pop up or anything like that.

Michael_V
Champion Sweeper III
Can you please mail us a screenshot of this viruswarning so we can inform the antivirus vendor.
Support@lansweeper.com